
ChaosBot Rust backdoor using Discord C2 and phishing delivery

Malware Activity
Happening score (H score): 23
1 unique source, 1 article

Summary


ChaosBot is a newly disclosed Rust-based backdoor that gives operators reconnaissance and arbitrary command execution on compromised hosts, increasing the risk of full remote control. The malware was first detected in late September 2025 inside a financial services customer environment and relies on Discord C2 to receive instructions. It can also be delivered through phishing messages carrying a malicious LNK file, broadening its infection paths.

Related Happenings

UNC5221 Brickstorm, Plenet, and AgentPSD access-maintenance malware activity

Malware Activity
H score 16 · First: 05.06.2026 21:09 · Last: 05.06.2026 21:09 · Sources: 1

About this happening: The **Brickstorm** malware set enabled **UNC5221 / VerdantBamboo** to keep long-term access inside victim infrastructure, including **Microsoft 365**, raising the risk of stealthy...

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
H score 41 · First: 29.05.2026 01:24 · Last: 29.05.2026 01:24 · Sources: 1

About this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...

JINX-0164 cryptocurrency recruitment-lure campaign

Campaign
H score 39 · First: 28.05.2026 10:54 · Last: 28.05.2026 10:54 · Sources: 1

About this happening: A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...

Webworm EchoCreep and GraphWorm backdoor expansion

Malware Activity
H score 28 · First: 20.05.2026 15:51 · Last: 20.05.2026 15:51 · Sources: 1

About this happening: **Webworm** expanded its malware arsenal in **2025** with the custom backdoors **EchoCreep** and **GraphWorm**, increasing its ability to run stealthy **command-and-control** oper...

Gremlin stealer modular toolkit evolution

Malware Activity
H score 21 · First: 15.05.2026 17:19 · Last: 15.05.2026 17:19 · Sources: 1

About this happening: The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...

Timeline

  1. 13.10.2025 08:12 · 2 articles

    Initial report: ChaosBot Rust backdoor using Discord C2 and phishing delivery

    Initial Disclosure

    In **late September 2025**, ChaosBot was first detected in a **financial services** customer environment after attackers reused **compromised Cisco VPN** credentials and an over-privileged **Active Directory** account to run **WMI** commands. That foothold enabled deployment of the backdoor and established **Discord-based** remote control.
